BY KIM ZETTER AND KEVIN POULSEN
06.08.10 | 8:39 PM
The State Department and personnel at U.S. embassies around the world are reportedly waiting anxiously to find out if an Army intelligence analyst was telling the truth when he boasted that he had supplied 260,000 classified State Department diplomatic cables to the whistleblower site Wikileaks.
If Wikileaks has the secret documents and publishes them, the leak could not only expose damaging information about U.S. foreign policy and national security issues, but also expose embarrassing information about backroom diplomatic deals and U.S. attitudes toward foreign leaders — such as the opinions of U.S. ambassadors about the honesty, integrity, and strength and longevity of those leaders.
The concerns are reported in a story published at the Daily Beast that appears to confirm that alleged leaker Bradley Manning had access to the kinds of cables he recently discussed with a former hacker who turned him in to authorities.
As previously reported, Manning told ex-hacker Adrian Lamo that he had recently given 260,000 classified U.S. diplomatic cables to Wikileaks, and said the documents exposed “almost-criminal political back dealings.”
“Hillary Clinton and several thousand diplomats around the world are going to have a heart attack when they wake up one morning, and find an entire repository of classified foreign policy is available, in searchable format, to the public,” Manning told Lamo in an online chat session.
“If he really had access to these cables, we’ve got a terrible situation on our hands,” an anonymous American diplomat told the Daily Beast. “We’re still trying to figure out what he had access to. A lot of my colleagues overseas are sweating this out, given what those cables may contain.”
He said the cables could damage diplomatic efforts of the U.S. and its allies, and that the State Department and law enforcement agencies have been trying to determine whether, and how, to approach Wikileaks about not publishing the cables if it has them.
SPC Bradley Manning, 22, of Potomac, Maryland, was an Army intelligence analyst stationed at Forward Operating Base Hammer, 40 miles east of Baghdad. He was put under pre-trial confinement in Kuwait nearly two weeks ago by the Army’s Criminal Investigation Division. The Defense Department said in a statement this week that Manning has not been formally charged, but is being investigated for allegedly leaking classified information.
A U.S. military official told Wired.com that “everybody’s scattering in a thousand different directions, digging deep [for this investigation]. We don’t just do that for every story that pops up.”
He added that the public revelations about Manning’s alleged activities this week “alerted a lot of people that didn’t even know about this at the highest level.”
Manning was turned in late last month by Lamo, with whom he spoke online. In the course of their chats, Manning took credit for leaking the State Department cables to Wikileaks, as well as a headline-making video of a helicopter attack in Iraq that Wikileaks posted online April 5, another video showing the notorious 2009 Garani air strike in Afghanistan that Wikileaks has previously acknowledged is in its possession, and a classified Army document evaluating Wikileaks as a security threat.
Manning told Lamo he sent the Iraq video to Wikileaks in February. He doesn’t say when he allegedly transmitted the cables.
Wikileaks has not responded to calls and e-mails from Wired.com. A message published on the organization’s Twitter account Monday said that allegations “that we have been sent 260,000 classified U.S. embassy cables are, as far as we can tell, incorrect.”
The site has, however, posted one diplomatic cable that Manning mentions in his chat with Lamo. It was published by Wikileaks last February and describes a U.S. embassy meeting with the government of Iceland.
The State Department has suggested to the Daily Beast that even if Manning didn’t give thousands of cables to Wikileaks, he may still have downloaded a huge library of them and stored them for later transmission.
According to the Daily Beast, Manning apparently had “special access to cables prepared by diplomats and State Department officials throughout the Middle East regarding the workings of Arab governments and their leaders.”
The cables date back several years and traversed interagency computer networks that are available to the Army. They contain information about U.S. diplomatic and intelligence efforts in the Iraq and Afghanistan war zones, the diplomat said.
Manning enlisted in the Army in 2007 and was deployed with the 2nd Brigade 10th Mountain Division in Baghdad last November. Prior to this, he had been stationed at Fort Drum in New York, where his division is headquartered.
Manning was a 35F intelligence analyst with a Top Secret/SCI security clearance.
According to the Army’s web site, analysts in this position “use information derived from all intelligence disciplines to determine changes in enemy capabilities, vulnerabilities and probable courses of action.”
Duties include receiving and processing incoming intelligence reports and messages and maintaining intelligence records and files.
In chats with Lamo that Wired.com has examined, Manning said he had access to two classified networks from two separate secured laptops: SIPRnet, the Secret-level network used by the Department of Defense and the State Department, and the Joint Worldwide Intelligence Communications System, which serves both agencies at the Top Secret/SCI level.
The networks, he said, were both “air-gapped” from unclassified networks, but the environment at the base made it easy to smuggle data out.
“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,’ erase the music then write a compressed split file,” he wrote. “No one suspected a thing and, odds are, they never will.”
“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. “Weak servers, weak logging, weak physical security, weak counterintelligence, inattentive signal analysis … a perfect storm.”
Regarding the State Department cables specifically, Manning told Lamo, “State dept fucked itself. Placed volumes and volumes of information in a single spot, with no security.”
Manning described personal issues that got him into trouble with his superiors and left him socially isolated. He said he had been demoted after he punched a colleague in the face during an argument, and was reassigned to a job in a supply office pending early discharge. He also told Lamo, “I’m restricted to SIPR now, because of the discharge proceedings.”
Army spokesman Lt. Col. Eric Bloom in Baghdad confirmed that in early May, Manning was demoted to private first class and was reassigned job duties. He did not know the reason behind the demotion but said Manning was not being discharged early and that his deployment in Iraq was supposed to last a year.
Bloom said the demotion was conducted under Article 15 of the Uniform Code of Military Justice in a nonjudicial proceeding, and that Manning maintained his security clearance after the demotion. He did not know what access Manning would have had to classified networks following his job reassignment.
A State Department source told the Daily Beast that Pentagon investigators have been searching through Manning’s e-mail accounts and computer hard drives for evidence of the data he claims to have downloaded and transmitted to Wikileaks.
But in his chats with Lamo, Manning told the ex-hacker that all traces of evidence had been deleted from his work computers as part of the troop-withdrawal procedures that have started in Iraq.
“I had two computers. One connected to SIPRnet the other to JWICS,” he wrote. “They’ve been zero-filled. Because of the pullout, evidence was destroyed … by the system itself.”
He also told Lamo that network security monitoring and logging were ineffective or nonexistent.
“There’s god-awful accountability of IP addresses,” he wrote. “The network was upgraded, and patched up so many times, and systems would go down, logs would be lost. And when moved or upgraded, hard drives were zeroed. It’s impossible to trace much on these field networks.”